diff options
| author | Jan Pavlinec <jan.pavlinec@nic.cz> | 2019-01-12 21:25:37 +0100 |
|---|---|---|
| committer | Yousong Zhou <yszhou4tech@gmail.com> | 2019-01-15 20:35:52 +0800 |
| commit | cb24d1022bef06a43eb5d5ec7454e095ea6b6a1b (patch) | |
| tree | c107521f6e9a7ee5f39550a407eb05cd7031f108 | |
| parent | 2a6ddb5ad82ee5cc98ebae94b1225a7b7c1bedb9 (diff) | |
unzip: patch CVE-2018-1000035 and add PKG_CPE_IDE
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
| -rw-r--r-- | utils/unzip/Makefile | 3 | ||||
| -rw-r--r-- | utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch | 34 |
2 files changed, 36 insertions, 1 deletions
diff --git a/utils/unzip/Makefile b/utils/unzip/Makefile index fd8f74b7c..25b42e1e4 100644 --- a/utils/unzip/Makefile +++ b/utils/unzip/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unzip PKG_REV:=60 PKG_VERSION:=6.0 -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_SOURCE:=$(PKG_NAME)$(PKG_REV).tar.gz PKG_SOURCE_URL:=@SF/infozip @@ -19,6 +19,7 @@ PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com> PKG_LICENSE:=BSD-4-Clause PKG_LICENSE_FILES:=LICENSE + PKG_CPE_ID:=cpe:/a:unzip:unzip PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/unzip$(PKG_REV) PKG_CHECK_FORMAT_SECURITY:=0 diff --git a/utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch b/utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch new file mode 100644 index 000000000..e1fdcf588 --- /dev/null +++ b/utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch @@ -0,0 +1,34 @@ +--- a/fileio.c ++++ b/fileio.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2017 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -1582,6 +1582,8 @@ + int r = IZ_PW_ENTERED; + char *m; + char *prompt; ++ char *ep; ++ char *zp; + + #ifndef REENTRANT + /* tell picky compilers to shut up about "unused variable" warnings */ +@@ -1590,9 +1592,12 @@ + + if (*rcnt == 0) { /* First call for current entry */ + *rcnt = 2; +- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { +- sprintf(prompt, LoadFarString(PasswPrompt), +- FnFilter1(zfn), FnFilter2(efn)); ++ zp = FnFilter1( zfn); ++ ep = FnFilter2( efn); ++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ ++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); ++ if (prompt != (char *)NULL) { ++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); + m = prompt; + } else + m = (char *)LoadFarString(PasswPrompt2); |